Re: lynx-dev HTString.c patch for HTQuoteParameter()

[Duncan Simpson]

In bash, and AFAIK most other shells (I think including *csh) it is permitted 
to partial quote an argument, and even arbitarily mixed quoted and unquoted 
sections in a single argument, provided yyou portect things that would be 
seperators in the normal course of events. The agument will remain a single 
argument.

For example if /tmp/e.sh says

#!/bin/sh
echo $1

then
/tmp/e.sh 'A single quote '\'' in single quotes*%#' 

passes 1 argument to e.sh, all of it in single quotes, modulo the single quote 
in the argumnet. The output of e.sh is

A single quote ' in single quotes*%#

showing the argument I passed to e.sh by that trickery. ''\'''\''' expands to 
two single quotes, using vast numbers of characters in the process.

However laboriously turning off shell metacharacters and then using system is 
silly and will breed nasty shell gotchas and exploits. Instead use fork() and 
exec*() directly, which avoids the shell enitrely and is within POSIX. cygwin 
also supports this solution.

[Side note: The only member of exec* that is a real system call is execve, all 
other others are front ends for execve(2).]

-- 
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."



; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden